Does anyone have a comprehensive audit program/checklist for physical
security? I would want something that maps up to the PCI DSS standards
(although this “data” doesn’t process payment data, it is highly sensitive
and thus meets the same security requirements). It isn’t a data centre we
are auditing, more a physical centre that wipes our disks on our behalf. A
few of the physical security audit programs I checked out through a Google
search weren’t up to much. Any such programs that you use and would be
willing to share would be great, right up to the policies, risk assessments,
BIA, logs and physical controls.